mongoose.collect.suricata_eve_collector

class mongoose.collect.suricata_eve_collector.SuricataEveCollector(configuration)[source]

Bases: Thread

Collector that reads Suricata EVE JSON events from a Unix socket in a separate thread.

This class extends threading.Thread to run event collection concurrently. It connects to a Suricata Unix socket, parses each EVE JSON line, and converts ‘alert’ and ‘netflow’ events into NetworkAlert and NetworkFlow models respectively, then publishes them to a ProcessingQueue.

It handles socket connection retries and ensures graceful termination through the ProcessingQueue stop signal or the disabled flag.

__init__(configuration)[source]

Initialize the collector with the provided configuration.

Parameters:: configuration (SuricataEveConfiguration) – A SuricataEveConfiguration instance containing socket_path.

collect()[source]

Perform event collection from Suricata Unix socket.

This method:

Connects to the Unix socket specified in configuration.
Reads the stream and splits it into JSON objects (one per line).
Dispatches ‘alert’ and ‘netflow’ events to their respective topics.
Stops if processing_queue.processing_stopped().

read_socket_with_timeout(timeout=5.0)[source]

run()[source]

Thread entrypoint.

Calls collect() so this object can be started via thread.start().

configuration: Configuration object providing socket_path.

processing_queue: Queue used to publish events for downstream processing.